Setting up Keycloak Server for Authentication

Hang Xu
Published in data-surge
Mar 3, 2022

Introduction

Keycloak provides an API and a client library that make managing identity and user access in modern applications a breeze.

Once set up, we can use Keycloak to manage application login/logout, give users permissions for specific routes, make API calls to protected endpoints, and much more.

Requirements

In order to make requests for tokens at the Keycloak endpoint, we first need a running server. There are a few options for doing so:

  1. Run the server in a Docker container
  2. Boot up the Keycloak standalone server from their official website

In this tutorial, we will opt for Docker and host our server there.

Starting the Keycloak Server

Ensure that you have Docker installed. We will simply load the Keycloak image and boot up the server locally in a Docker container. Running the following command will spin up the Keycloak server on port 8080 and create a user with the id admin and password admin, credentials that are suitable only for a local development instance.

$ docker run -p 8080:8080 -e KEYCLOAK_USER=admin -e KEYCLOAK_PASSWORD=admin quay.io/keycloak/keycloak:legacy

We can now reach the Keycloak server by going to http://localhost:8080/auth/ and logging in with the above credentials.

Once you have logged in, you will be redirected to the admin dashboard.

A single Keycloak server is able to serve a host of applications, and it does so by separating its services into “Realms”. I will now go through the steps involved in creating a new realm and the configuration that must be done before the Keycloak server can be used to authenticate its users.

Configuring a realm and its components

In order to create a new realm, navigate to the top left of the admin dashboard and click on “Add realm”. From there give your new realm a name and hit “Create”.

Next we will need to configure the client application that you will be connecting to the Keycloak server from. Click on the “Create” button and give your client ID an appropriate name.

From here, set the redirect URL to localhost:3000, then set the Web Origins to “+” and add it to the list; otherwise there can be CORS errors when authenticating.
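The redirect URL and Web Origins settings above decide where Keycloak will send tokens and which browser origins may call it, so they are worth checking after setup. The following is an added example, not code from the original article or from Keycloak: it models how a “+” entry in Web Origins expands to the origins of the valid redirect URIs and flags overly broad values. The field names clientId, redirectUris and webOrigins follow Keycloak's client representation; the sample clients and the specific checks are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample clients, shaped like entries in a Keycloak realm export.
SAMPLE_CLIENTS = [
    {"clientId": "my-app", "redirectUris": ["http://localhost:3000/*"], "webOrigins": ["+"]},
    {"clientId": "too-open", "redirectUris": ["*"], "webOrigins": ["*"]},
    {"clientId": "prod-app", "redirectUris": ["http://app.example.com/*"], "webOrigins": ["+"]},
]
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def origin_of(uri):
    """Return scheme://host[:port] for an absolute http(s) URI, else None."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return f"{parts.scheme}://{parts.netloc}"

def effective_origins(client):
    """Expand "+" in webOrigins into the origins of the valid redirect URIs."""
    origins = set()
    for entry in client.get("webOrigins", []):
        if entry == "+":
            origins.update(o for o in map(origin_of, client.get("redirectUris", [])) if o)
        else:
            origins.add(entry)
    return origins

def audit_client(client):
    """Return a list of findings for one client; an empty list means none."""
    findings = []
    if "*" in effective_origins(client):
        findings.append("webOrigins allows every origin")
    for uri in client.get("redirectUris", []):
        parts = urlsplit(uri)
        if uri == "*" or "*" in parts.netloc:
            findings.append(f"redirect URI {uri!r} is a bare wildcard or has one in the host")
        elif parts.scheme == "http" and parts.hostname not in LOOPBACK:
            findings.append(f"redirect URI {uri!r} uses plain http off loopback")
        elif origin_of(uri) is None:
            findings.append(f"redirect URI {uri!r} has no http(s) origin")
    return findings

if __name__ == "__main__":
    for c in SAMPLE_CLIENTS:
        print(c["clientId"], sorted(effective_origins(c)), audit_client(c))
```

To run it against a real realm, load the `clients` list from an exported realm JSON file in place of `SAMPLE_CLIENTS`.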

Now we can add user credentials to this realm by going down to the Users section and clicking on “Add user”.

The only required field is the username; I’ll give my new user the username ‘user1’. From there we have to set its password under the “Credentials” tab and finally give the user the proper roles in this realm.

Now that our Keycloak server is up and running and the correct realm is instantiated with user credentials, we’re all set to use Keycloak to authenticate users for applications. Whether it is used to create tokens for API calls or to create a simple and straightforward login flow, the possibilities are many and you can explore them on their official site.

If you would like us to help, please email us at info@datasurge.com or complete the form on our contact us page.
